Open b1nhack opened 1 year ago
What processes do you expect to not be spawned?
What processes do you expect to not be spawned?
everyting
I don't understand the issue you are having. Please give a concrete example of a process that shouldn't have started.
I don't understand the issue you are having. Please give a concrete example of a process that shouldn't have started.
notepad.exe is one
If you run your program with SYSTEM privileges and your program then runs notepad.exe
, it is expected that notepad.exe
will also run with SYSTEM privileges. Programs inherit the privileges level of their parent by default.
If you don't run your program with SYSTEM privileges and yet notepad.exe
somehow runs with SYSTEM privileges, that is not a bug in rust, but one in Windows. It shouldn't be possible for an unprivileged user to run arbitrary programs with the highest possible privilege level.
No, I mean only under Windows Server 2008, and running with SYSTEM privileges.
Do you run your own program with SYSTEM privileges?
#![windows_subsystem = "windows"]
use std::process;
fn main() {
process::Command::new("notepad.exe").spawn().unwrap();
}
This code is compiled into a binary program (*.exe). Note: MSVC toolchain needs to specify "-C", "target-feature=+crt-static" flag to be compatible with Windows server 2008. The compiled exe, under Windows server 2008 with administrator privileges can normally spawn a notepad.exe process.
Using processhacker runas a cmd.exe with SYSTEM privileges, executing the compiled exe in a cmd with SYSTEM privileges will not spawn a notepad.exe process. And this problem only occurs if you specify #![windows_subsystem = "windows"].
Have you tried nightly rust?
Not yet
Note: Windows 2008 is based on Windows Vista which is out of our support range, unless you mean Windows 2008 R2, which is based on Windows 7 and is currently considered a "best effort" support target. These are also End of Support for Microsoft as well, unfortunately.
It would be useful to confirm if this problem is still active on Windows 10, Windows 11, or their "Windows Server" derivatives.
I am referring to Windows Server 2008 R2, after my testing, Windows 10 does not have this issue.
Then this issue will be "fixed" in ~7 months by https://github.com/rust-lang/compiler-team/issues/651
I tried this code:
I expected to see this happen: Setting #![windows_subsystem = "windows"], processes will not be spawned under Windows server 2008 SYSTEM privileges.
Meta
rustc --version --verbose
:Backtrace
``` Because of the specification of #![windows_subsystem = "windows"], so I can't see the backtrace ```